Re: [9] RFR: 8007706: X.509 cert extension SAN should support "_" in dNSName

2014-08-04 Thread Florian Weimer
On 08/05/2014 07:52 AM, Jason Uh wrote: Hi Florian, I've reviewed the RFC again and think there might be some misinterpretation. The only part I see about underscores reads: Implementers should note that the at sign ('@') and underscore ('_') characters are not supported by the ASN.1 typ

Re: [9] RFR: 8007706: X.509 cert extension SAN should support "_" in dNSName

2014-08-04 Thread Jason Uh
Hi Florian, I've reviewed the RFC again and think there might be some misinterpretation. The only part I see about underscores reads: Implementers should note that the at sign ('@') and underscore ('_') characters are not supported by the ASN.1 type PrintableString. These characters

Re: [9] request for review 8051972: sun/security/pkcs11/ec/ReadCertificates.java fails intermittently

2014-08-04 Thread Sean Mullan
Looks good. Please add a noreg label (noreg-self probably). Also, the subcomponent should probably be javax.security:pkcs11 --Sean On 07/29/2014 11:02 AM, Vincent Ryan wrote: Please review this simple fix to eliminate an intermittent test failure. Bug: https://bugs.openjdk.java.net/browse/JDK

Re: apple.security.KeychainStore does not load private key (when called from javaws)

2014-08-04 Thread Florian Bruckner (3kraft)
Hey guys, any feedback/comments on this? Just to summarize again: KeychainStore does not load private keys when not called with a passphrase. This is the case in various deployment scenarios (like javaws), as a consequence identity certificates stored in Apple Keychain are not available (i.e.

Re: java.security.DigestInputStream does not implement skip(long)

2014-08-04 Thread Sean Mullan
On 08/01/2014 06:06 AM, Florian Weimer wrote: I noticed that the implementation of DigestInputStream does not feed skipped-over bytes to the message digest. The specification is silent on this, and I'm not sure if this is a specification deficiency or an implementation bug. Yes, this is a known i

Re: [9] RFR: 8007706: X.509 cert extension SAN should support "_" in dNSName

2014-08-04 Thread Florian Weimer
On 08/02/2014 04:09 AM, Jason Uh wrote: Hi Florian, Thanks for your input. There was some discussion about the issue in the past on this list: http://mail.openjdk.java.net/pipermail/security-dev/2013-February/006622.html Do you disagree with the comments there? I think the intent of RFC 528

Re: On 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine

2014-08-04 Thread Xuelei Fan
Please give me more time to think about the overall infrastructure. Xuelei On 8/4/2014 9:48 AM, Wang Weijun wrote: > Hi Xuelei > > Are you OK with the code change? The updated webrev is now at > > http://cr.openjdk.java.net/~weijun/8038089/webrev.02/ > > Comparing to the last version. there

Re: Review request for CR 8049233 Need new tests for testing openssl created certificate

2014-08-04 Thread raghu k.nair
Hello, Please review the tests for openssl generated certificates and CRLs. Changes made: CustomCertificateFactory.java is made thread safe. Here is the new webrev - http://cr.openjdk.java.net/~rhalade/8049233/webrev.01/ Tha

Updated review request for CR 8048362 Test doPrivileged with accomplice

2014-08-04 Thread raghu k.nair
Hello, Please review the updated tests for doPrivileged with accomplice. Updated the test to use @compile tag rather than compiling using API. Bug - https://bugs.openjdk.java.net/browse/JDK-8048362 webrev - http://cr.openjdk.java.net/~rhalade/8048362/webrev.01/